Email encryption

Email encryption refers to the encryption, and often the authentication, of email messages, done to protect the content from being read by anyone other than the intended recipients.

Technology for email encryption is readily available (see below), but has not achieved widespread adoption, apparently due to social factors, such as people seeing the use of encryption as paranoid, and as marking a message urgent whether it is or not (Gaw et al., 2006).

Email encryption can rely on public-key cryptography, in which each user publishes a public key that others can use to encrypt messages to them, while keeping secret a private key that they use to decrypt such messages or to digitally sign messages they send.

Encryption protocols

Popular protocols for email encryption include:

Mail sessions encryption

The STARTTLS SMTP extension is a TLS (SSL) layer on top of the SMTP connection. While it protects traffic from being sniffed during transmission, it is technically not encryption of emails, because the content of messages is revealed to, and can be tampered with by, the email relays involved. In other words, the encryption takes place between individual SMTP relays, not between the sender and the recipient. When both relays support STARTTLS, it may be used regardless of whether the email's contents are encrypted using another protocol.

STARTTLS is also an extension of IMAP4 and POP3; see RFC 4616.
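The hop-by-hop nature of STARTTLS can be seen after the fact in a message's Received: headers, each of which is prepended by the relay that accepted the message and records the transport in its "with" clause (the ESMTPS / ESMTPSA tokens registered in RFC 3848 mean TLS was used on that hop; ESMTP / SMTP mean cleartext). The following is an added example, not part of the original article: it audits a constructed three-hop message and reports which hops were protected, while the final check makes the article's point that even an all-TLS chain gives each relay the message in the clear.

```python
import re
from email import message_from_string

# 'with' tokens registered in RFC 3848 / RFC 8314 that imply TLS on the hop;
# ESMTP, SMTP and ESMTPA mean the hop was cleartext.
TLS_WITH_TOKENS = {"ESMTPS", "ESMTPSA", "UTF8SMTPS", "UTF8SMTPSA"}
_WITH_RE = re.compile(r"\bwith\s+([A-Z0-9]+)", re.IGNORECASE)
_BY_RE = re.compile(r"\bby\s+(\S+)")

def hop_used_tls(received_header: str) -> bool:
    """True if the Received: header's 'with' clause names a TLS protocol."""
    m = _WITH_RE.search(received_header)
    return bool(m) and m.group(1).upper() in TLS_WITH_TOKENS

def audit_hops(raw_message: str) -> list:
    """Return (receiving relay, used_tls) per hop, oldest hop first.
    Each relay prepends its own Received: header, so the top one is newest."""
    msg = message_from_string(raw_message)
    hops = []
    for hdr in reversed(msg.get_all("Received", [])):
        hdr = " ".join(hdr.split())          # unfold continuation lines
        by = _BY_RE.search(hdr)
        hops.append((by.group(1) if by else "?", hop_used_tls(hdr)))
    return hops

def fully_protected_in_transit(raw_message: str) -> bool:
    """True only if every recorded hop used TLS. Even then each relay saw the
    message in the clear, so this says nothing about end-to-end secrecy."""
    hops = audit_hops(raw_message)
    return bool(hops) and all(tls for _, tls in hops)

# Constructed sample: TLS from the client to its submission server, a
# cleartext relay-to-relay hop, then TLS again into the recipient's MX.
SAMPLE = """\
Received: from mx2.example.net (mx2.example.net [192.0.2.20])
\tby mail.example.com with ESMTPS id abc123; Mon, 1 Jan 2024 10:00:02 +0000
Received: from relay.example.org (relay.example.org [192.0.2.10])
\tby mx2.example.net with ESMTP id def456; Mon, 1 Jan 2024 10:00:01 +0000
Received: from [10.0.0.5] (client.example.org)
\tby relay.example.org with ESMTPSA id ghi789; Mon, 1 Jan 2024 10:00:00 +0000
From: bob@example.org
To: alice@example.com
Subject: test

hello
"""

if __name__ == "__main__":
    for relay, tls in audit_hops(SAMPLE):
        print(f"{relay:20s} {'TLS' if tls else 'cleartext'}")
    print("all hops TLS:", fully_protected_in_transit(SAMPLE))
```

Received: headers are written by the relays themselves and can be forged by any hop that precedes your own servers, so only the headers added by relays you trust are evidence of anything.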

References

Shirley Gaw, Edward W. Felten, and Patricia Fernandez-Kelly. "Secrecy, Flagging, and Paranoia: Adoption Criteria in Encrypted E-Mail." In CHI 2006 (Proceedings of ACM SigChi). http://www.cs.princeton.edu/~sgaw/publications/01Feb-Activists-sgaw-CHI2006.pdf